iTnews

Sysadmin creates tool to scour web for hacked data

By Darren Pauli on Nov 26, 2012 1:10PM
Sysadmin creates tool to scour web for hacked data

Track leaky staff, hackers.

A Wellington system administrator has developed a tool to identify corporate secrets, hacked data and even stolen credit cards as they emerge on social networks and online clipboards.

Users could set the OSINT OPSEC (Open Source Intelligence / Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin.

Or it could scour Stack Exchange for intellectual property code snippets, use Twitter to track the whereabouts of politicians in warzones, or check Reddit, Facebook and Wordpress to avert potential PR disasters. 

Hyprwired

Blackhats, too, could benefit from the OSINT OPSEC Tool. However author Brendan 'Hyprwired' Jamieson, 21, said it was made to assist users with defence and operational awareness.

"Right now, a whole lot of people are leaking a whole lot of information online," Jamieson told Kiwicon 6 delegates. "Here we have a full US passport, all the serials, date of birth, names, etcetera is all there."

"In 2009, a congressman tweeted 'just landed in Baghdad' and 'moved into green zone by helicopter just over the palace heading to the US embassy' - and if someone was watching this, it could have serious consequences."

Kiwicon 6 coverage

He found staff tweets leaking news of then-incomplete corporate mergers and intellectual property published on public forums.

The tool GUI

It could also geo-locate tweets using Google Maps to assist with OSINT investigations.

Existing services like Google Alerts and API (application programmable interface) search tools were insufficient because they were slow or could not search for keywords on the spread of social media.

Jamieson built the Python tool -- and a new love of the language -- in less than 12 weeks, complete with a shiny GUI and point-and-click functionality.

Critically, it was released as open source via GitHub so users search requests remained hidden.

The OSINT OPSEC Tool plugged into an API to quickly search through data on Twitter, Facebook and Wordpress.

But it had to download full posts to scrape Pastebin. When it rummaged through old posts, the repeat downloads resulted in a momentary block by the site. This could be solved by changing IP addresses via another daemon on a separate site.

"The real key to maintain good OPSEC is to STFU," Jamieson said.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
facebook kiwicon kiwicon 6 opsec osint pastebin python reddit security social media stack exchange twitter wordpress
By Darren Pauli
Nov 26 2012
1:10PM
0 Comments

Related Articles

  • Free tool finds hacked data, stolen cards
  • Thailand takes legal action against Facebook, Twitter over content
  • Facebook suspends fake Russian accounts, warns of US election hack-and-leak threat
  • Tech giants meet with US intelligence on 2020 election security
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Centrelink IT system risks 'largely' managed during WPIT overhaul

Centrelink IT system risks 'largely' managed during WPIT overhaul
Researchers say not to use myGovID until login flaw is fixed

Researchers say not to use myGovID until login flaw is fixed
DOS Subsystem for Linux breaks cover

DOS Subsystem for Linux breaks cover
Optus, Vocus score first deals in ATO telco carve-up

Optus, Vocus score first deals in ATO telco carve-up
You must be a registered member of iTnews to post a comment.
Log In | Register

Partner Content

Network-layer DDoS attack trends for Q2 2020
Partner Content
Network-layer DDoS attack trends for Q2 2020
IBM talks up VMware-based service for regulated workloads
IBM talks up VMware-based service for regulated workloads
How telemetry is re-shaping the construction sector
Partner Content
How telemetry is re-shaping the construction sector
Digital solutions multinational CI&T expands into ANZ
Partner Content
Digital solutions multinational CI&T expands into ANZ
IBM wants to help financial services providers with compliance in cloud
IBM wants to help financial services providers with compliance in cloud

Whitepapers from our sponsors

A Migration Guide For Businesses Switching Mobile Device Management Solutions
A Migration Guide For Businesses Switching Mobile Device Management Solutions
Plan your post-COVID security strategy
Plan your post-COVID security strategy
The Executive's Guide To The Future Of Work
The Executive's Guide To The Future Of Work
Government Digital Transformation Requires Customer Obsession
Government Digital Transformation Requires Customer Obsession
Master the fundamentals of AWS cost efficiency
Master the fundamentals of AWS cost efficiency

Events

  • [On-demand]:Delivering transformation that complies – IBM Cloud for VMware Regulated Workloads
  • [On-demand Webinar]: Intelligent Trade Finance using AI and Watson Discovery
  • [On-demand replay]: CTO Insights: Solving the new data challenges
  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • Webinar: Building Secure and Reliable Cloud Foundations for Growth and Transformation
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.